Forgot your password?
typodupeerror
Android Cellphones Government Handhelds Security Linux

NSA Releases Security-Enhanced Android 81

Posted by timothy
from the but-don't-worry dept.
An anonymous reader writes with the recent news that, in line with its goal to provide secure phones to government employees in various domains, "The NSA has released a set of security enhancements to Android. These appear to be based on SELinux, which was also originally created by the NSA."
This discussion has been archived. No new comments can be posted.

NSA Releases Security-Enhanced Android

Comments Filter:
  • by TeddyR (4176) on Friday January 13, 2012 @10:21PM (#38694450) Homepage Journal

    The question is what backdoors have they placed on it. Is it secure from themselves (NSA) and other three letter agencies?

  • by Darkness404 (1287218) on Saturday January 14, 2012 @12:48AM (#38695182)
    You can't be 100% secure, 100% of the time. There will /always/ be a weak link. Be it a backdoor or a security flaw. The goal is to manage your risks. Using security enhanced Android (after about a good month for security researchers to look at the code) is unlikely to introduce any more government-imposed security risks than simply being in the US and its tyrannical laws (PATRIOT Act, CALEA, etc.). Chances are, SEA is going to be more secure than the patched together stock Android system.

    Of course they can hide a backdoor in it. But why bother when they already have nearly unlimited powers due to the PATRIOT act, have many corporations that will bend over backwards for the police state, and laws like CALEA.
  • by MagusSlurpy (592575) on Saturday January 14, 2012 @02:55AM (#38695616) Homepage

    Unless the "security through obscurity" is to make the OS more widespread, and so make actual NSA phones less obvious targets. One thousand "sensitive" phones amongst an install base numbering one hundred thousand slashdotters and tinfoil hatters is a good starting point.

  • by justforgetme (1814588) on Saturday January 14, 2012 @05:02AM (#38695974) Homepage

    while mainly correct, your proposition ignores the fact that in programming you have a lot of plausible deniability in form of the programming mistake. A wrongly placed comparison or wrongly compiled regexp can have huge side effects while looking like little mistypes even a good albeit tired dev would make. Now think that by implanting such a small discrepancy into a big project you could do very many things without being ever detected. Also the side effects of such a behavior are very difficult to follow in a big project making the possibilities of it being forcibly discovered ridiculous since you would have to follow every reroute into oblivion before being sure there are not deliberate side effects.

The world is moving so fast these days that the man who says it can't be done is generally interrupted by someone doing it. -- E. Hubbard

Working...